Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ars: Cross-Platform Malware Communicates With Sound

Posted by timothy on from the beep-beep-you're-dead dept.

An anonymous reader writes "Do you think an airgap can protect your computer? Maybe not. According to this story at Ars Technica, security consultant Dragos Ruiu is battling malware that communicates with infected computers using computer microphones and speakers." That sounds nuts, but it is a time-tested method of data transfer, after all.

6 of 245 comments (clear)

  1. And there's a whole series of comments at Ars... by NeverWorker1 · · Score: 5, Informative

    Explaining why the whole thing is probably a hoax.

  2. Re:And there's a whole series of comments at Ars.. by geekoid · · Score: 4, Informative

    " Dragos Ruiu (@dragosr), the creator of the pwn2own contest"
    It would be odd for him to screw up his rep with a hoax like this.

    http://www.securityartwork.es/2013/10/30/badbios-2/?lang=en

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  3. Re:Hoax by DdJ · · Score: 4, Informative

    Sorry, that sort of acoustic coupling is bound to be loaded with errors. You might be lucky to get 16 BYTES per second, and even then, those speakers aren't powerful enough to transmit very far.

    You know that ultrasonics are precisely how a modern Furby communicates with its companion iPhone app? (There's even perl code implementing it so you can hack them.)

  4. Re:And there's a whole series of comments at Ars.. by Tuidjy · · Score: 5, Informative

    I just tested my PC's speakers / microphone... The power output is rock steady up to 15kHz, then falls to 75% by 20kHz, 50% by 30kHz, and about 10% by 40kHz. Then it stays that way to fiftish kHz, which is as far as my loop went.

    I could already not hear it by 14kHz... damn I'm old. Last time I did something like this, I was OK up to 17kHz, and back at the Institute I was fine at 19kHz.

    I think that no one hear 30 kHz, and you still get 50% power on my PC... which is nothing special. You can definitely get decent communication outside of hearing range.

    --
    No good deed goes unpunished...
  5. Let me get that for you... by connor4312 · · Score: 4, Informative
    It seems like the vast majority of people started flaming without reading the author's comment, so here it is:

    Dear Ars readers,

    As a journalist for more than 17 years, I have never written a spoof story for April Fool's Day or any other holiday. I certainly had no intention of doing so with this article. It's completely coincidental that this story ran today, on Halloween.

    The ninth paragraph of my article reads:

    Quote:
    "At times as I've reported this story, its outline has struck me as the stuff of urban legend, the advanced persistent threat equivalent of a Bigfoot sighting. Indeed, Ruiu has conceded that while several fellow security experts have assisted his investigation, none has peer reviewed his process or the tentative findings that he's beginning to draw."


    Here and elsewhere in the post, I have tried to make clear that many of the details of this article sounded far-fetched to me. They still do. I have also tried to be transparent that no one has independently corroborated Ruiu's findings. That said, these same details have been publicly available for more than two weeks, and a large number of Ruiu's peers find them believable.

    I decided to resolve this conflict between my own skepticism and the reaction of Ruiu's fellow security researchers by reporting accurately what all of them said and making clear that so far no one has peer reviewed Ruiu's research process or findings.

    I have no doubt that researchers will pore over every laptop and USB drive Ruiu makes available and independently arrive at their own conclusions. I fully intend to report whatever they find. If they find no evidence to support Ruiu's account, Ars readers will be among the first to know.

    Regards,

    Dan Goodin

  6. Read the article! by Egdiroh · · Score: 4, Informative

    1) The assertion is that this malware infects as many bioses on the machine as it can. But a bios isn't big, so instead of containing code to directly infect the main OS, it contains code to setup a mesh network with it's peers to download the appropriate OS root kit.
    2) The air gap was on a laptop (with a battery) in a room with potentially infected machines.
    3) There never was a claim that a completely clean machine was infected over any method, just that a machine that had been the recipient of a lot of low level cleaning, and disabling managed to demonstrate a full re infection after spending enough timeout the proximity of other infected machines.

    None of things asserted here are particularly novel. Infections at all levels bios, aren't novel. Mesh networking, isn't novel. Acoustic networking isn't novel. The arrangement of them to maximize the effectiveness of them is the novel part. But also in retrospect is also pretty obvious. Rather then try to code for all the bios and OS combinations, and all the OS and device combinations, you code for all the bios and device combinations, and then code for all the OS choices in a one off.